Typescript rewrite (#147)

* Updated highlight.js * Update .codexdocsrc.sample remove undefined page for a fresh new install * backend rewritten in TS * test -> TS, .added dockerignore, bug fixed * Removed compiled js files, eslint codex/ts added * fixed jsdocs warning, leaving editor confirmation * use path.resolve for DB paths * db drives updated + fixed User model * redundant cleared + style fixed * explicit type fixing * fixing testing code * added body block type * compiled JS files -> dist, fixed compiling errors * fixed compiling error, re-organized ts source code * updated Dockerfile * fixed link to parent page * up nodejs version * fix package name * fix deps Co-authored-by: nvc8996 <nvc.8996@gmail.com> Co-authored-by: Taly <vitalik7tv@yandex.ru>
2025-07-21 06:09:41 +02:00 · 2022-03-05 22:57:23 +04:00 · 2022-03-05 22:57:23 +04:00 · 34514761f5
commit 34514761f5
parent 059cfb96f9
99 changed files with 3817 additions and 2249 deletions
--- a/src/backend/routes/auth.ts
+++ b/src/backend/routes/auth.ts
@ -0,0 +1,78 @@
+import express, { Request, Response } from 'express';
+import jwt from 'jsonwebtoken';
+import config from 'config';
+import bcrypt from 'bcrypt';
+import csrf from 'csurf';
+import * as dotenv from 'dotenv';
+import Users from '../controllers/users';
+
+dotenv.config();
+
+const router = express.Router();
+const csrfProtection = csrf({ cookie: true });
+const parseForm = express.urlencoded({ extended: false });
+
+/**
+ * Authorization page
+ */
+router.get('/auth', csrfProtection, function (req: Request, res: Response) {
+  res.render('auth', {
+    title: 'Login page',
+    csrfToken: req.csrfToken(),
+  });
+});
+
+/**
+ * Process given password
+ */
+router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
+  try {
+    const userDoc = await Users.get();
+    const passHash = userDoc.passHash;
+
+    if (!passHash) {
+      res.render('auth', {
+        title: 'Login page',
+        header: 'Password not set',
+        csrfToken: req.csrfToken(),
+      });
+
+      return;
+    }
+
+    bcrypt.compare(req.body.password, passHash, async (err, result) => {
+      if (err || result === false) {
+        res.render('auth', {
+          title: 'Login page',
+          header: 'Wrong password',
+          csrfToken: req.csrfToken(),
+        });
+
+        return;
+      }
+
+      const token = jwt.sign({
+        iss: 'Codex Team',
+        sub: 'auth',
+        iat: Date.now(),
+      }, passHash + config.get('secret'));
+
+      res.cookie('authToken', token, {
+        httpOnly: true,
+        expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+      });
+
+      res.redirect('/');
+    });
+  } catch (err) {
+    res.render('auth', {
+      title: 'Login page',
+      header: 'Password not set',
+      csrfToken: req.csrfToken(),
+    });
+
+    return;
+  }
+});
+
+export default router;